diff options
author | Dmitry Torokhov <dtor@chromium.org> | 2018-05-10 10:25:58 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-05-11 23:22:18 -0700 |
commit | 5e05a8331db957838ac9b1e048d86439235863a5 (patch) | |
tree | 60f1b7832c41e4bc9e9cd0265c546a7656c1665c | |
parent | 0ac9254f9ae496eba2e95d0c222071fe0bd07a26 (diff) | |
download | crosvm-5e05a8331db957838ac9b1e048d86439235863a5.tar crosvm-5e05a8331db957838ac9b1e048d86439235863a5.tar.gz crosvm-5e05a8331db957838ac9b1e048d86439235863a5.tar.bz2 crosvm-5e05a8331db957838ac9b1e048d86439235863a5.tar.lz crosvm-5e05a8331db957838ac9b1e048d86439235863a5.tar.xz crosvm-5e05a8331db957838ac9b1e048d86439235863a5.tar.zst crosvm-5e05a8331db957838ac9b1e048d86439235863a5.zip |
crosvm: add a feature to disable sandbox by default
Add a build-time feature that allows having plugin and other parts of crosvm to run outside of jailed environment. This is strictly a development time feature and is not expected to be activated with shipping code. Sandbox can still be activated by passing -u (--multiprocess) option. BUG=None TEST=cargo test --feature=default-no-sandbox Change-Id: If9ef1ce8ed0b5d23cef3ad193679baca94413360 Signed-off-by: Dmitry Torokhov <dtor@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1054194 Reviewed-by: Zach Reizner <zachr@chromium.org>
-rw-r--r-- | Cargo.toml | 1 | ||||
-rw-r--r-- | src/main.rs | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/Cargo.toml b/Cargo.toml index b6db1eb..dfc58f4 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,6 +11,7 @@ panic = 'abort' [features] plugin = ["plugin_proto", "crosvm_plugin", "protobuf"] +default-no-sandbox = [] [dependencies] arch = { path = "arch" } diff --git a/src/main.rs b/src/main.rs index e175125..c723613 100644 --- a/src/main.rs +++ b/src/main.rs @@ -92,7 +92,7 @@ impl Default for Config { vhost_net: false, wayland_socket_path: None, socket_path: None, - multiprocess: true, + multiprocess: !cfg!(feature = "default-no-sandbox"), seccomp_policy_dir: PathBuf::from(SECCOMP_POLICY_DIR), cid: None, plugin: None, |